1 /* $NetBSD: npf_rproc.c,v 1.16 2017/01/29 00:15:54 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2009-2013 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This material is based upon work partially supported by The 8 * NetBSD Foundation under a contract with Mindaugas Rasiukevicius. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 /* 33 * NPF extension and rule procedure interface. 34 */ 35 36 #ifdef _KERNEL 37 #include <sys/cdefs.h> 38 __KERNEL_RCSID(0, "$NetBSD"); 39 40 #include <sys/param.h> 41 #include <sys/types.h> 42 43 #include <sys/atomic.h> 44 #include <sys/kmem.h> 45 #include <sys/mutex.h> 46 #include <sys/module.h> 47 #endif 48 49 #include "npf_impl.h" 50 51 #define EXT_NAME_LEN 32 52 53 typedef struct npf_ext { 54 char ext_callname[EXT_NAME_LEN]; 55 LIST_ENTRY(npf_ext) ext_entry; 56 const npf_ext_ops_t * ext_ops; 57 unsigned ext_refcnt; 58 } npf_ext_t; 59 60 struct npf_rprocset { 61 LIST_HEAD(, npf_rproc) rps_list; 62 }; 63 64 #define RPROC_NAME_LEN 32 65 #define RPROC_EXT_COUNT 16 66 67 struct npf_rproc { 68 /* Flags and reference count. */ 69 uint32_t rp_flags; 70 u_int rp_refcnt; 71 72 /* Associated extensions and their metadata . */ 73 unsigned rp_ext_count; 74 npf_ext_t * rp_ext[RPROC_EXT_COUNT]; 75 void * rp_ext_meta[RPROC_EXT_COUNT]; 76 77 /* Name of the procedure and list entry. */ 78 char rp_name[RPROC_NAME_LEN]; 79 LIST_ENTRY(npf_rproc) rp_entry; 80 }; 81 82 void 83 npf_ext_init(npf_t *npf) 84 { 85 mutex_init(&npf->ext_lock, MUTEX_DEFAULT, IPL_NONE); 86 LIST_INIT(&npf->ext_list); 87 } 88 89 void 90 npf_ext_fini(npf_t *npf) 91 { 92 KASSERT(LIST_EMPTY(&npf->ext_list)); 93 mutex_destroy(&npf->ext_lock); 94 } 95 96 /* 97 * NPF extension management for the rule procedures. 98 */ 99 100 static const char npf_ext_prefix[] = "npf_ext_"; 101 #define NPF_EXT_PREFLEN (sizeof(npf_ext_prefix) - 1) 102 103 static npf_ext_t * 104 npf_ext_lookup(npf_t *npf, const char *name, bool autoload) 105 { 106 npf_ext_t *ext; 107 char modname[RPROC_NAME_LEN + NPF_EXT_PREFLEN]; 108 int error; 109 110 KASSERT(mutex_owned(&npf->ext_lock)); 111 112 again: 113 LIST_FOREACH(ext, &npf->ext_list, ext_entry) 114 if (strcmp(ext->ext_callname, name) == 0) 115 break; 116 117 if (ext != NULL || !autoload) 118 return ext; 119 120 mutex_exit(&npf->ext_lock); 121 autoload = false; 122 snprintf(modname, sizeof(modname), "%s%s", npf_ext_prefix, name); 123 error = module_autoload(modname, MODULE_CLASS_MISC); 124 mutex_enter(&npf->ext_lock); 125 126 if (error) 127 return NULL; 128 goto again; 129 } 130 131 void * 132 npf_ext_register(npf_t *npf, const char *name, const npf_ext_ops_t *ops) 133 { 134 npf_ext_t *ext; 135 136 ext = kmem_zalloc(sizeof(npf_ext_t), KM_SLEEP); 137 strlcpy(ext->ext_callname, name, EXT_NAME_LEN); 138 ext->ext_ops = ops; 139 140 mutex_enter(&npf->ext_lock); 141 if (npf_ext_lookup(npf, name, false)) { 142 mutex_exit(&npf->ext_lock); 143 kmem_free(ext, sizeof(npf_ext_t)); 144 return NULL; 145 } 146 LIST_INSERT_HEAD(&npf->ext_list, ext, ext_entry); 147 mutex_exit(&npf->ext_lock); 148 149 return (void *)ext; 150 } 151 152 int 153 npf_ext_unregister(npf_t *npf, void *extid) 154 { 155 npf_ext_t *ext = extid; 156 157 /* 158 * Check if in-use first (re-check with the lock held). 159 */ 160 if (ext->ext_refcnt) { 161 return EBUSY; 162 } 163 164 mutex_enter(&npf->ext_lock); 165 if (ext->ext_refcnt) { 166 mutex_exit(&npf->ext_lock); 167 return EBUSY; 168 } 169 KASSERT(npf_ext_lookup(npf, ext->ext_callname, false)); 170 LIST_REMOVE(ext, ext_entry); 171 mutex_exit(&npf->ext_lock); 172 173 kmem_free(ext, sizeof(npf_ext_t)); 174 return 0; 175 } 176 177 int 178 npf_ext_construct(npf_t *npf, const char *name, 179 npf_rproc_t *rp, prop_dictionary_t params) 180 { 181 const npf_ext_ops_t *extops; 182 npf_ext_t *ext; 183 unsigned i; 184 int error; 185 186 if (rp->rp_ext_count >= RPROC_EXT_COUNT) { 187 return ENOSPC; 188 } 189 190 mutex_enter(&npf->ext_lock); 191 ext = npf_ext_lookup(npf, name, true); 192 if (ext) { 193 atomic_inc_uint(&ext->ext_refcnt); 194 } 195 mutex_exit(&npf->ext_lock); 196 197 if (!ext) { 198 return ENOENT; 199 } 200 201 extops = ext->ext_ops; 202 KASSERT(extops != NULL); 203 204 error = extops->ctor(rp, params); 205 if (error) { 206 atomic_dec_uint(&ext->ext_refcnt); 207 return error; 208 } 209 i = rp->rp_ext_count++; 210 rp->rp_ext[i] = ext; 211 return 0; 212 } 213 214 /* 215 * Rule procedure management. 216 */ 217 218 npf_rprocset_t * 219 npf_rprocset_create(void) 220 { 221 npf_rprocset_t *rpset; 222 223 rpset = kmem_zalloc(sizeof(npf_rprocset_t), KM_SLEEP); 224 LIST_INIT(&rpset->rps_list); 225 return rpset; 226 } 227 228 void 229 npf_rprocset_destroy(npf_rprocset_t *rpset) 230 { 231 npf_rproc_t *rp; 232 233 while ((rp = LIST_FIRST(&rpset->rps_list)) != NULL) { 234 LIST_REMOVE(rp, rp_entry); 235 npf_rproc_release(rp); 236 } 237 kmem_free(rpset, sizeof(npf_rprocset_t)); 238 } 239 240 /* 241 * npf_rproc_lookup: find a rule procedure by the name. 242 */ 243 npf_rproc_t * 244 npf_rprocset_lookup(npf_rprocset_t *rpset, const char *name) 245 { 246 npf_rproc_t *rp; 247 248 LIST_FOREACH(rp, &rpset->rps_list, rp_entry) { 249 if (strncmp(rp->rp_name, name, RPROC_NAME_LEN) == 0) 250 break; 251 } 252 return rp; 253 } 254 255 /* 256 * npf_rproc_insert: insert a new rule procedure into the set. 257 */ 258 void 259 npf_rprocset_insert(npf_rprocset_t *rpset, npf_rproc_t *rp) 260 { 261 LIST_INSERT_HEAD(&rpset->rps_list, rp, rp_entry); 262 } 263 264 int 265 npf_rprocset_export(const npf_rprocset_t *rpset, prop_array_t rprocs) 266 { 267 prop_dictionary_t rpdict; 268 const npf_rproc_t *rp; 269 270 LIST_FOREACH(rp, &rpset->rps_list, rp_entry) { 271 rpdict = prop_dictionary_create(); 272 prop_array_t extcalls = prop_array_create(); 273 prop_dictionary_set_and_rel(rpdict, "extcalls", extcalls); 274 prop_dictionary_set_cstring(rpdict, "name", rp->rp_name); 275 prop_dictionary_set_uint32(rpdict, "flags", rp->rp_flags); 276 prop_array_add(rprocs, rpdict); 277 prop_object_release(rpdict); 278 } 279 return 0; 280 } 281 282 /* 283 * npf_rproc_create: construct a new rule procedure, lookup and associate 284 * the extension calls with it. 285 */ 286 npf_rproc_t * 287 npf_rproc_create(prop_dictionary_t rpdict) 288 { 289 const char *name; 290 npf_rproc_t *rp; 291 292 if (!prop_dictionary_get_cstring_nocopy(rpdict, "name", &name)) { 293 return NULL; 294 } 295 296 rp = kmem_intr_zalloc(sizeof(npf_rproc_t), KM_SLEEP); 297 rp->rp_refcnt = 1; 298 299 strlcpy(rp->rp_name, name, RPROC_NAME_LEN); 300 prop_dictionary_get_uint32(rpdict, "flags", &rp->rp_flags); 301 return rp; 302 } 303 304 /* 305 * npf_rproc_acquire: acquire the reference on the rule procedure. 306 */ 307 void 308 npf_rproc_acquire(npf_rproc_t *rp) 309 { 310 atomic_inc_uint(&rp->rp_refcnt); 311 } 312 313 /* 314 * npf_rproc_getname: return the name of the given rproc 315 */ 316 const char * 317 npf_rproc_getname(const npf_rproc_t *rp) 318 { 319 return rp->rp_name; 320 } 321 322 /* 323 * npf_rproc_release: drop the reference count and destroy the rule 324 * procedure on the last reference. 325 */ 326 void 327 npf_rproc_release(npf_rproc_t *rp) 328 { 329 330 KASSERT(rp->rp_refcnt > 0); 331 if (atomic_dec_uint_nv(&rp->rp_refcnt) != 0) { 332 return; 333 } 334 /* XXXintr */ 335 for (unsigned i = 0; i < rp->rp_ext_count; i++) { 336 npf_ext_t *ext = rp->rp_ext[i]; 337 const npf_ext_ops_t *extops = ext->ext_ops; 338 339 extops->dtor(rp, rp->rp_ext_meta[i]); 340 atomic_dec_uint(&ext->ext_refcnt); 341 } 342 kmem_intr_free(rp, sizeof(npf_rproc_t)); 343 } 344 345 void 346 npf_rproc_assign(npf_rproc_t *rp, void *params) 347 { 348 unsigned i = rp->rp_ext_count; 349 350 /* Note: params may be NULL. */ 351 KASSERT(i < RPROC_EXT_COUNT); 352 rp->rp_ext_meta[i] = params; 353 } 354 355 /* 356 * npf_rproc_run: run the rule procedure by executing each extension call. 357 * 358 * => Reference on the rule procedure must be held. 359 */ 360 bool 361 npf_rproc_run(npf_cache_t *npc, npf_rproc_t *rp, const npf_match_info_t *mi, 362 int *decision) 363 { 364 const unsigned extcount = rp->rp_ext_count; 365 366 KASSERT(!nbuf_flag_p(npc->npc_nbuf, NBUF_DATAREF_RESET)); 367 KASSERT(rp->rp_refcnt > 0); 368 369 for (unsigned i = 0; i < extcount; i++) { 370 const npf_ext_t *ext = rp->rp_ext[i]; 371 const npf_ext_ops_t *extops = ext->ext_ops; 372 373 KASSERT(ext->ext_refcnt > 0); 374 if (!extops->proc(npc, rp->rp_ext_meta[i], mi, decision)) { 375 return false; 376 } 377 378 if (nbuf_flag_p(npc->npc_nbuf, NBUF_DATAREF_RESET)) { 379 npf_recache(npc); 380 } 381 } 382 383 return true; 384 } 385